CVE-2025-24528
HIGH7.1EPSS 0.21%krb5 - security update
Published: 1/16/2026Modified: 4/28/2026
Description
In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.
Affected packages (2)
- Debian/krb5from 0, < 1.18.3-6+deb11u6
- Debian/krb5from 0, < 1.18.3-6+deb11u6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H |